Large JSON input¶

Description¶

Inputting a very large sized JSON as an argument.

Remediation¶

Limit the maximum size of a JSON that can be inputted.

GraphQL Specific¶

Apollo

To address large JSON input issues in the Apollo framework, ensure that you implement input validation to reject payloads that exceed the expected size. Additionally, consider using streaming JSON parsers to handle large inputs more efficiently and avoid memory overload. Set up rate limiting and depth limiting to protect against abusive requests and maintain server performance.

Yoga

To handle large JSON input in the Yoga framework engine, consider implementing streaming JSON parsers to process the data in chunks, thereby reducing memory overhead. Additionally, ensure that the server has sufficient resources to handle the expected load and optimize the JSON parsing logic for performance.

Awsappsync

To address large JSON input issues in AWS AppSync, consider implementing pagination to break down the data into smaller chunks, compressing the JSON payload if the service allows, or increasing the payload size limits within the service configuration if possible. Additionally, optimize the resolver logic to handle large inputs more efficiently and ensure that the underlying data sources can process large requests effectively.

Graphqlgo

To mitigate the risk of inefficient processing or potential denial of service attacks when handling large JSON inputs in a GraphQL Go framework, it is recommended to implement input validation to restrict the size and structure of the incoming JSON requests. Additionally, consider using query complexity analysis to prevent overly complex queries from overloading the system. Employing rate limiting and timeouts can also help in managing the load on the server. Ensure that the parsing of JSON is done securely to avoid injection attacks. Regularly monitor and log the performance to identify and address any issues proactively.

Graphqlruby

To mitigate the risk of large JSON input attacks in the GraphQL Ruby framework, implement input validation to restrict the size and structure of the incoming JSON payloads. Additionally, consider using query complexity analysis to prevent overly complex queries from consuming excessive resources.

Hasura

To mitigate the risk of large JSON input vulnerabilities in Hasura, ensure that you implement strict input validation, enforce payload size limits, and utilize depth and complexity limits for queries. Additionally, consider using rate limiting to prevent abuse.

Agoo

Optimize JSON handling by implementing streaming parsers to efficiently process large JSON inputs in the Agoo framework.

Ariadne

To handle large JSON inputs in the Ariadne framework, ensure that you implement streaming or chunking techniques to process the data efficiently, preventing memory overload and maintaining performance.

Caliban

Optimize JSON handling by implementing streaming parsers to efficiently process large JSON inputs in the Caliban framework.

Dgraph

Optimize JSON handling by breaking down large JSON inputs into smaller, manageable chunks before processing in the Dgraph framework to prevent performance issues and ensure efficient data handling.

Dianajl

Optimize the JSON handling in the dianajl framework engine by implementing streaming parsers to efficiently process large JSON inputs without overwhelming memory resources.

Directus

Optimize JSON handling by implementing pagination and lazy loading techniques in Directus to efficiently manage large datasets.

Flutter

Optimize JSON handling by using efficient parsing libraries and streaming techniques to manage large JSON inputs in Flutter applications.

Graphene

Optimize the handling of large JSON inputs in the Graphene framework by implementing pagination and batching techniques to efficiently process and query data.

Graphqlapiforwp

Optimize the GraphQL API for WP framework by implementing pagination and batching to efficiently handle large JSON inputs.

Graphqlgophergo

To handle large JSON inputs in the GraphQLGopherGo framework, ensure that you implement input validation and limit the size of JSON payloads to prevent potential performance issues and security vulnerabilities.

Graphqljava

Ensure that the GraphQLJava engine is configured to handle large JSON inputs efficiently by optimizing query execution and using pagination to manage data size.

Graphqlphp

Implement input validation and limit the size of JSON payloads to prevent performance issues and potential denial of service attacks in the graphqlphp framework.

Graphqlyoga

To handle large JSON inputs in the GraphQL Yoga framework, ensure you validate and parse the input efficiently, and consider using streaming parsers or chunking the data to prevent memory overload.

Hypergraphql

Optimize query execution by using efficient data fetching strategies and limit the size of JSON responses to prevent performance issues in the HyperGraphQL framework.

Jaal

Optimize JSON handling by implementing streaming parsers to efficiently process large JSON inputs in the Jaal framework engine.

Juniper

Optimize JSON handling by implementing streaming parsers to efficiently process large JSON inputs in the Juniper framework.

Lacinia

Optimize the handling of large JSON inputs in the Lacinia framework by implementing streaming parsers or chunked processing to efficiently manage memory and improve performance.

Lighthouse

Optimize JSON handling by implementing streaming parsers to efficiently process large JSON inputs without overwhelming memory resources.

Mercurius

Optimize JSON handling by implementing streaming parsers to efficiently process large JSON inputs in the Mercurius framework.

Morpheusgraphql

Optimize the handling of large JSON inputs in MorpheusGraphQL by implementing streaming parsers or chunked processing to efficiently manage memory and improve performance.

Qglgen

To handle large JSON inputs in the gqlgen framework, consider implementing streaming parsers or chunked processing to efficiently manage memory usage and improve performance.

Sangria

Optimize the handling of large JSON inputs by implementing streaming parsers or chunked processing to prevent memory overload in the Sangria framework.

Shopify

Optimize JSON handling by implementing pagination or chunking to manage large data sets efficiently in the Shopify framework.

Stepzen

To handle large JSON inputs in the StepZen framework, ensure that your GraphQL queries are optimized and consider using pagination or batching techniques to manage data efficiently.

Strawberry

Optimize JSON handling by implementing streaming parsers to efficiently process large JSON inputs in the Strawberry Framework engine.

Tartiflette

Optimize the handling of large JSON inputs in the Tartiflette framework by implementing streaming parsers or chunked processing to efficiently manage memory and improve performance.

Wpgraphql

Optimize the handling of large JSON inputs in the WPGraphQL framework by implementing efficient parsing techniques and memory management strategies to prevent performance bottlenecks and ensure smooth operation.

Configuration¶

Identifier: resource_limitation/large_json_input

Options¶

skip_objects : List of object that are to be skipped by the security test.

Examples¶

Ignore this check¶

checks:
  resource_limitation/large_json_input:
    skip: true

Score¶

Escape Severity:

Compliance¶

OWASP: API4:2023
OWASP LLM: LLM04:2023
pci: 6.5.1
gdpr: Article-32
soc2: CC1
psd2: Article-94
iso27001: A.14.2
nist: SP800-95
fedramp: SI-10

Classification¶

CWE: 20

Score¶

CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H/RL:O/RC:C
CVSS_SCORE: 5.1

References¶

https://gusralph.info/file-upload-checklist/